summaryrefslogtreecommitdiff
path: root/etc/NEWS.29
diff options
context:
space:
mode:
Diffstat (limited to 'etc/NEWS.29')
-rw-r--r--etc/NEWS.2941
1 files changed, 23 insertions, 18 deletions
diff --git a/etc/NEWS.29 b/etc/NEWS.29
index 069661866ce..3f94b0d4634 100644
--- a/etc/NEWS.29
+++ b/etc/NEWS.29
@@ -15,11 +15,28 @@ in older Emacs versions.
You can narrow news to a specific version by calling 'view-emacs-news'
with a prefix argument or by typing 'C-u C-h C-n'.
-Temporary note:
-+++ indicates that all relevant manuals in doc/ have been updated.
---- means no change in the manuals is needed.
-When you add a new item, use the appropriate mark if you are sure it
-applies, and please also update docstrings as needed.
+
+* Changes in Emacs 29.3
+Emacs 29.3 is an emergency bugfix release intended to fix several
+security vulnerabilities described below.
+
+** Arbitrary Lisp code is no longer evaluated as part of turning on Org mode.
+This is for security reasons, to avoid evaluating malicious Lisp code.
+
+** New buffer-local variable 'untrusted-content'.
+When this is non-nil, Lisp programs should treat buffer contents with
+extra caution.
+
+** Gnus now treats inline MIME contents as untrusted.
+To get back previous insecure behavior, 'untrusted-content' should be
+reset to nil in the buffer.
+
+** LaTeX preview is now by default disabled for email attachments.
+To get back previous insecure behavior, set the variable
+'org--latex-preview-when-risky' to a non-nil value.
+
+** Org mode now considers contents of remote files to be untrusted.
+Remote files are recognized by calling 'file-remote-p'.
* Installation Changes in Emacs 29.2
@@ -43,37 +60,25 @@ more details.
* Changes in Emacs 29.2
-
-* Editing Changes in Emacs 29.2
+This is a bug-fix release with no new features.
* Changes in Specialized Modes and Packages in Emacs 29.2
** Tramp
-+++
*** New user option 'tramp-show-ad-hoc-proxies'.
When non-nil, ad-hoc definitions are kept in remote file names instead
of showing the shortcuts.
-* New Modes and Packages in Emacs 29.2
-
-
* Incompatible Lisp Changes in Emacs 29.2
-+++
** 'with-sqlite-transaction' rolls back changes if its BODY fails.
If the BODY of the macro signals an error, or committing the results
of the transaction fails, the changes will now be rolled back.
-* Lisp Changes in Emacs 29.2
-
-
-* Changes in Emacs 29.2 on Non-Free Operating Systems
-
-
* Installation Changes in Emacs 29.1
** Ahead-of-time native compilation can now be requested via configure.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 13:44:29 +0000